Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow or wraparound flaw exists in Adobe Acrobat Reader up to and including version 26.001.21651. The overflow can cause the application to crash, resulting in a denial‑of‑service condition. The vulnerability is classified as CWE‑190 and does not allow arbitrary code execution or privilege escalation; the effect is limited to terminating the reader process.

Affected Systems

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier releases are vulnerable.

Risk and Exploitability

With a CVSS score of 5.5, the weakness is rated Medium. EPSS data is currently unavailable and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a user to open a malicious PDF, so an attacker must first lure or persuade the target to view the file. Once the file is processed, the reader crashes, causing a denial of service on the application. Because the attack vector is local and user interaction is required (CVSS vector AV:L, UI:R), the risk is lower but still significant for users who frequently open unknown documents.

Generated by OpenCVE AI on June 9, 2026 at 22:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe Acrobat Reader update that fixes the integer overflow flaw.
  • Configure the system to allow Adobe Reader to open files only from trusted directories or sources, and disable or block automatic opening of PDFs from email or the internet. The allowed sources should be explicitly defined in configuration or group policy.
  • Enforce application whitelisting or group‑policy rules that prevent execution of older, vulnerable Adobe Reader binaries.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Adobe; Adobe acrobat Reader |
| Vendors & Products | | Adobe; Adobe acrobat Reader |

Tue, 09 Jun 2026 21:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 09 Jun 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | Acrobat Reader \| Integer Overflow or Wraparound (CWE-190) |
| Weaknesses | | CWE-190 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:54:27.163Z

Reserved: 2026-05-20T15:50:31.360Z

Link: CVE-2026-47925

Vulnrichment

Updated: 2026-06-09T20:54:22.657Z

NVD

Status: Received

Published: 2026-06-09T21:17:22.457

Modified: 2026-06-09T21:17:22.457

Link: CVE-2026-47925

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T01:15:18Z

Weaknesses